(54) Title: PREBOOT PROTECTION FOR A DATA SECURITY SYSTEM

(57) Abstract

A secure computer controlling access to data storage devices via a card reader. A microprocessor-controlled card reader interface logically connected to the card reader and the central processing unit (CPU) of the computer reads and writes information from and to a card placed in the card reader and performs additional functions in response to commands received from the CPU. The card reader interface includes an encryption engine for encrypting data in a data storage device and a boot ROM containing verification program code executed during an initialization procedure. The verification program verifies that a valid user card has been placed in the card reader, reads one or more questions from the user card, asks the questions of the user and verifies the answers against the contents of the card. If authorization is verified, the card reader interface permits the user to access the encrypted data. Otherwise, the user is denied access to the data by one or more of the following methods: freezing the system bus, and requiring the user to reset the computer and re-enter the verification program; logically destroying the data in the data storage devices; and physically destroying the data storage devices.
PREBOOT PROTECTION FOR A DATA SECURITY SYSTEM

Technical Field of the Invention

The present invention pertains generally to computer security systems, and more particularly to a microprocessor-controlled system for controlling user access to and dissemination of secure data stored in a secure computer.

Background of the Invention

There has been an enormous increase in the use of computers for processing and storing sensitive information in a wide variety of commercial and government applications. Computer systems have evolved from large systems with restricted access to small systems which may be portable and easily accessed by several users. As computers have become more easily accessible and as demand for easy computer access has spread, there has arisen a greater need for the protection of sensitive data.

One method for securing access to a computer system is to restrict physical access to the computer system; however, such restriction is inefficient for typical computer system installations which favor shared access and increased portability. The cost of securing computer systems by restricting physical access is also prohibitive.

Another method for providing security of sensitive data is to use a program to restrict access to the computer system. However, this method has drawbacks. For instance, an unauthorized user can often bypass the security program or the routine which invokes the security program to gain access to the computer system. Even if the security program proves to be difficult to bypass, the unauthorized user can simply remove the information stored in the computer by removing the memory or monitoring the data bus. For example, a hard drive could be removed from the computer and installed in another computer to read the contents of the hard drive.

To prevent such unauthorized access and retrieval of sensitive information, sensitive data may be destroyed either logically or physically. Logical destruction requires that any data destroyed be unintelligible to another user after the destruction process has taken place. The storage media will typically still be reusable. An example of a logical destruction program is a program which erases the sensitive files on a hard drive when an unauthorized access is detected. Physical data destruction, on the other hand, requires catastrophic destruction of the storage media to ensure that the contents in the storage media are irretrievably lost.

In some applications the program destroying the logical data fails to completely destroy the data and advanced data retrieval techniques may be employed to recover traces of logically destroyed information. For example, information on a hard drive of a computer may be recovered by methods which detect previously written and erased binary words from trace magnetic remnants of those words. If the logical destruction methods are only partially effective, physical destruction techniques may also be required to ensure that the data is destroyed and cannot be recovered.

It may be desirable to restrict access to particular peripheral devices on a computer or workstation, rather than restricting access to the entire computer system. Modern computer security systems fail to provide such restricted access.

Therefore, there is a need in the art for a computer security system which prohibits unauthorized access and which is not vulnerable to bypass yet maintains the portability and flexibility inherent in a modern computer system. There is a further need to provide complete protection of sensitive data such that the data may not be recovered by bypassing the data protection system or by physical removal of data storage devices. Finally, the system must also provide complete destruction of sensitive data to prevent retrieval of data traces.

Summary of the Invention

To overcome these and other shortcomings and limitations in the art which will become apparent to those skilled in the art upon reading and understanding the following detailed description, the present invention provides a system for controlling access to sensitive information on a computer without compromising the security of sensitive data. The present invention restricts computer access to authorized users. In addition, it detects attempts to imitate an authorized user to gain access. Further, the present invention provides for configurable logical and physical destruction of sensitive data, and provides means for adjusting the threshold requirement for destruction and the level of destruction to suit the degree of security required for the information stored on the computer. Finally, the present invention provides a means, under the control of a centralized authorization security administrator, for limiting access to portions of the overall computer system depending on the access privileges configured for each individual user.

In one embodiment of the present invention, a microprocessor-controlled card reader interface logically connected to the CPU of the computer reads and writes information from and to an integrated circuit card ("card" or "smart card") placed in the card reader. The information read is presented to the CPU to determine whether the user is authorized to use the computer; the CPU then specifies which peripherals the user is authorized to access. A card reader interface board logically connected to the data and address buses of a computer monitors the address bus of the computer, restricts access to the data storage device and configurable ports in the system, and executes a special verification program to verify authorization of the user.

According to one embodiment of the present invention, when a valid user card is placed in the card reader one or more questions are read from the card and displayed to the user. The user's responses are compared to the correct answers stored on the card and, if the responses match the correct answers, the CPU is allowed to access all peripherals the user has been authorized to use. Computer security is improved by coordinating identification information received from the card, user, and computer RAM to ensure proper verification. The system requires that the same card, user, and computer be used to control access.

In one embodiment of this invention, the system provides for a method of initializing and authorizing a user card with a security administrator card. Upon a valid security administrator card being placed in the card reader, a security administrator initializes and authorizes one or more individual user cards by selecting from a list of menu options displayed to the security administrator. The security administrator inputs a list of questions and answers which are then stored in the user card for use during the verification procedure.

In one embodiment of the present invention, the system provides for a hierarchy of access privileges by encoding access codes directly on the card which allow users with superior access privileges to access data on computers of users with inferior access privileges. The same coding system prevents the users with inferior access privileges from accessing the computers of those with superior access privileges.

In one embodiment of the present invention, the system provides for the physical or logical destruction of data in response to unauthorized attempts by a user to violate the physical or logical integrity of the computer system. The physical and logical destruction of data may be disabled for maintenance or configuration purposes by use of a maintenance card.

The preceding and other features and advantages of the invention will become further apparent from the detailed description that follows. This description is accompanied by a set of drawing figures. Numerals are employed throughout the written description and the drawings to point out the various features of this invention, like numerals referring to like features throughout.

Brief Description of the Drawings

In the drawings, where like numerals describe like components throughout the several views:

FIGURE 1A is a perspective view of a first embodiment of a secure computer system implemented according to the present invention;

FIGURE 1B is a block diagram showing the high-level architecture of a first embodiment of a secure computer system implemented according to the present invention;

FIGURE 1C is an electrical block diagram showing the microprocessor-controlled card reader interface for a first embodiment of a secure computer system according to the present invention;

FIGURE 1D is a perspective view of a second embodiment of a secure computer system implemented according to the present invention;

FIGURE 1E is a perspective view of a third embodiment of a secure computer system implemented according to the present invention;

FIGURE 2A is a block diagram of a computer system with a hard drive and interface board;

FIGURE 2B is a block diagram showing how a computer system with hard drive is modified to create a secure computer system according to a second embodiment of the present invention;

FIGURE 3 is a block diagram showing the high level architecture of a secure computer system according to a second embodiment of the present invention;

FIGURE 4 is a block diagram showing the high level architecture of one embodiment of the control ASIC shown in FIGURE 3;

FIGURE 5 shows a block diagram illustrating the operation of one embodiment of the data steering network shown in FIGURE 3;

FIGURE 6 is a block diagram showing the loader program and verification program resident in the read only memory (ROM) of one embodiment of the card reader interface board of FIGURE 3;

FIGURES 7A, 7B, 7C, and 7D are a flow diagram showing program steps taken to initialize and execute the security portion of a secure computer system program according to the present invention;

FIGURE 8 is a block diagram showing a hierarchy of access for users of a secure computer system; and

FIGURE 9A and FIGURE 9B illustrate a pictorial display of one embodiment of a mounting scheme used to co-locate a card reader and hard drive.
Detailed Specification of the Preferred Embodiments

In the following detailed description of the preferred embodiments, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. It is to be understood that other embodiments may be utilized and changes may be made without departing from the scope of the present invention.

FIGURE 1A shows the components of a computer system to be secured with a card reader interface according to a first embodiment of the present invention. This embodiment was shown in U.S. Patent No. 5,327,497, issued July 5, 1994, by Mooney, et al. The computer system includes a keyboard 101 by which a user may input data into the system, a computer chassis 103 which holds electrical components and peripherals, a screen display 105 by which information is displayed to the user, and a pointing device 107, the system components logically connected to each other via the internal system bus of the computer. A card reader 111 is connected to the secure computer system via card reader interface board 109. The preferred card reader 111 is an Amphenol® "Chipcard" acceptor device, part number 702-10M)08 5392 4794, which is compatible with International Standards Organization (ISO) specification 7816, although one skilled in the art would readily recognize that other card reader devices which conform to ISO 7816 may be substituted.

In order for the computer system to be secured, a card reader interface is integrated into the computer system in a manner similar to that revealed in FIGURE 1B. A card reader interface board 109 contains a microprocessor 116 connected to the CPU of the computer via a second data bus 117, connected to RAM 127 via a third data bus 131, and connected to the card reader 111 via a fourth data bus 133. The interface board 109 is typically implemented with printed circuit board technology, although other equivalent technologies may be substituted without loss of generality. Peripherals 121 within computer 103 are controlled by the CPU 123 and PLD 129 with a power control circuit 119, which turns power off and on to peripherals 121. A system boot ROM 126 is logically connected to the CPU 123 to start executing a nonvolatile program contained in PLD 129 upon initialization of the computer during power-up, clear, or warm-boot.

An IC card 115 is used in conjunction with card reader 111. The preferred card 115 is a MICRO CARD® or GEMPLUS® card (for example, Scot 100, TB100, COS IC cards), which is compatible with ISO 7816. By conforming to this standard, the card 115 enables the support of Data Encryption Standard (DES) data encryption and decryption functions. One skilled in the art would readily recognize that other cards which conform to this standard and provide data encryption and decryption functions may be substituted. The ability to encrypt and decrypt data is important, since the present invention is designed to ensure that unencrypted sensitive data does not reside in the CPU where it could be read by an unauthorized user.

The schematic for card reader interface 109 is described in greater detail in FIGURE 1C. Microprocessor 116 is powered by circuit 135, and controls system functions via connections to the system data bus 125. System resets are initiated by clear line 137. Validation and authorization information is transferred between the microprocessor 116 and RAM 127 via the third data bus 131 in conjunction with address or data select line 141, strobe line 143, and chip select line 145. Backup power is provided for RAM 127 by a +5 volt lithium battery 139.

The microprocessor 116 communicates with system data bus 125 as a serial communications device using CTS line 147, DTR line 149, 10 MHz clock line 151, serial data out line 153, and serial data in line 155. A separate 3.5 MHz clock line 157 is used to provide a clock signal to PLD 129, which is used by the microprocessor 116 for card reset control via line 159, card serial data control via line 161, and card interrupt control via line 163. The PLD 129 in turn connects to the card via card serial data contact 177, card clock contact 179, and card reset contact 181.

Microprocessor 116 also has the ability to control the physical destruction of data within the computer system via line 165. A physical destruction device may be triggered using this line. For example, line 165 may be connected to a mechanism containing a solution which is sprayed onto a hard disk contained in the secure computer system when an unauthorized user attempts to violate the physical or logical integrity of the computer system. Several destruct mechanisms are taught in the prior art, and one of ordinary skill in the art would recognize that equivalent destruction chemicals and mechanisms may be substituted without loss of generality.

The microprocessor 116 uses power control line 173 with switch 171 and +5 volt relay 175 to provide power to the card via card logic voltage supply contact 183 and card programming contact 187. The card is grounded via card ground contact 185, and detected by applying power through card detect power contact 191 to microprocessor 116 by card detect contact 189. Card contacts 193 and 195 and line 197 are reserved for future use.

FIGURE 1D shows the components of a second embodiment of a secure computer system according to the present invention. Secure computer system 100 includes a keyboard 101 by which a user may input data into the system, a computer chassis 103 which holds electrical components and peripherals, a screen display 105 by which information is displayed to the user, a secure hard drive 113, and a pointing device 107, the system components logically connected to each other via the internal system bus of the computer. A card reader 111 is connected to the secure computer system via card reader interface board 109. As in the first embodiment, the preferred card reader 111 is an Amphenol® "Chipcard" acceptor device, part number 702-10M)08 5392 4794, which is compatible with International Standards Organization (ISO) 7816 specifications. One skilled in the art would readily recognize, however, that other card reader devices which conform to ISO 7816 may be substituted. FIGURE 1D shows card reader 111 and secure hard drive 113 co-located in a single peripheral bay. Other mounting techniques are available, however, and would not modify the scope of the present invention, for example, positioning card reader 111 externally as shown in FIGURE 1E.

FIGURES 2A and 2B illustrate the modifications required of a standard personal computer system 705 in order to create a secure computer system 100 according to the present invention. FIGURE 2A is a simplified block diagram of a computer system 705 commonly found in the prior art. Central processing unit (CPU) 290 is connected to dedicated hard drive controller logic 710 which serves as an interface for the computer system to hard drive 113. Typically, hard drive controller logic 710 is a printed circuit board which is installed in the backplane or integrated into the motherboard of computer 705, and hard drive controller logic 710 is connected to hard drive 113 using a multiconductor cable 720. Hard drive 113 may be mounted externally to computer 705, or internally.

FIGURE 2B shows how the standard personal computer 705 is converted to a secure computer system according to one embodiment of the present invention. In FIGURE 2B, secure computer system 100 is formed by adding integrated circuit (IC) card 115 and attaching card reader 111, cable 730, and card reader interface board 109 to system 705. Card reader 111 may be added to the system by removing cable 720 from hard drive 113 and connecting it to card reader interface board 109, then connecting card reader 111 to card reader interface board 109 via cable 731. Hard drive 113 is connected to card reader interface board 109 using cable 730.

Card reader 111 acts in concert with card reader interface board 109 to limit access to sensitive data stored both on hard drive 113 and card reader interface board 109. Integrated circuit card 115 is preprogrammed with information used to verify that the user is authorized to access the sensitive data stored on hard drive 113. Security for sensitive data stored on hard drive 113 is provided by requiring a minimum of three distinct sources of authorization verification information in order to access the sensitive data. In order to gain access to the sensitive information stored on hard drive 113, both card 115 and card reader interface board 109 must present proper identification information and the user must enter a series of predetermined answers to a series of predetermined questions. If any of the sources of identification information is incorrect, board 109 may prevent access to the secure computer system 100 by freezing the system bus 292 (requiring cycling of the system power to secure computer system 100), logically destroying any sensitive data on the system, or physically destroying the storage devices containing sensitive information.

The details of one embodiment of the present invention will be specified in greater detail using the following figures. FIGURE 3 is a detailed electrical block diagram of the secure computer system 100 of FIGURE 2B, showing connections between card reader interface board 109, card reader 111, secure hard drive 113, and central processing unit (CPU) 290. In the present invention, independent, dedicated data buses are employed such that card reader interface board 109 communicates with card reader 111 via card reader bus 225, hard drive 113 via hard drive bus 272, and CPU 290 via hard drive controller logic 710 and system bus 292. (Hard drive bus 272 is analogous to cable 730 of FIGURE 2B and system bus 292 is analogous to cable 720 of FIGURE 2B.) The utilization of independent dedicated buses for communications with card reader 111, hard drive 113, and CPU 290 decreases the chances for retrieval of sensitive data and encryption information, since system bus 292 transfers only unencrypted data to the computer system from card reader interface board 109 and never carries key material or card data. An unauthorized intruder would have to monitor all three buses to attempt to decipher the encryption codes used and the method by which the security system interacts with the computer system.

FIGURE 3 also shows the interconnections of the components on card reader interface board 109. In one embodiment, the card reader interface board 109 contains a Zilog Z86C6116 processor 220 for controlling data transfer between card reader 111, hard drive 113, and CPU 290. The Z86C6116 is an 8-bit data bus, 16-bit time-multiplexed address bus microprocessor specified in the Zilog Z8 Microcontrollers Book, DC8305-01 (1993), which is incorporated herein by reference. Other microprocessors may be readily substituted without materially affecting the scope of the present invention.

Processor 220 controls the transfer of data on card reader interface board 109 by issuing commands to control ASIC 230. Control ASIC 230 acts as "glue logic," under control of processor 220, coordinating the operation of data steering network 240, cipher engine 270, and processor 220 to control information transfer between CPU 290, RAM 260, and hard drive 113.

Data steering network 240 is an 8-bit controllable input and output port circuit designed to allow processor 220 to communicate with RAM 260 and cipher engine (CE) 270, but to prevent unauthorized access by a user controlling system bus 292 to retrieve data from RAM 260. FIGURE 5 is a block diagram showing the operation of the data steering network 240. Data steering network 240 essentially operates as an eight bit wide bidirectional parallel multiplexer which limits data transfer from processor 220 to RAM 260, or alternatively to CE 270 (and, therefore, potentially to system bus 292 if port A 274 and port C 278 of CE 270 are connected). Attempts to read information from the address space assigned to RAM 260 which originate from the system bus 292 are impossible, since RAM 260 is logically isolated such that no address space exists from system bus 292 to access RAM 260.

Returning to FIGURE 3, in one embodiment cipher engine (CE) 270 is an 8-bit NSA certified DES encryption engine meeting specification DES 3. Such a device is manufactured by Computer Elektronik as part number CE99C003. Further information detailing the operation of that embodiment of CE 270 may be found in CE Infosys 99C003 Data Sheet Version 1.01.

CE 270 is controlled by processor 220 via data steering network 240 by commands received at port C 278. CE 270 may be instructed by processor 220 to provide a data path between port C 278 and port A 274 (no encryption) or between port A 274 and port B 276 (DES encrypted data output from port B 276, and nonencrypted data from port A 274). During system initialization a data path between data steering network 240 and system bus 292 is created using port C 278 and port A 274, whereby nonencrypted data can be transferred under control of processor 220 to system bus 292 via hard drive controller logic 710. Once user authorization is verified and there are no pending security violations detected, CE 270 uses a key to DES encrypt data transmitted by port B 276 to hard drive 113. Similarly, CE 270 deciphers encrypted data from hard drive 113 and presents it to system bus 292 via hard drive controller logic 710 when the port A 274 to port B 276 channel is allowed. One skilled in the art would readily recognize that other cipher engines which conform to the above-mentioned standards and support data encryption may be substituted without materially modifying the spirit and scope of the present invention.

RAM 260 is subdivided into secure and open segments by memory mapping the secure segments such that they are accessible only to processor 220. This prevents both accidental and intentional loss of information from the RAM 260 to the system bus 292. RAM 260 is addressable only by processor 220 and contains DES base kernel key encryption information and answers to verification questions retrieved from card 115 by processor 220. The open portion of RAM 260 contains the verification questions retrieved from card 115 and other nonsensitive data.

As can be seen in FIGURE 6, ROM 280 contains loader program code 610 and verification program code 620 used by the CPU 290 upon initialization to load and execute the verification program. Since standard BIOS routines attempt to boot from the C: drive, the use of ROM 280 in concert with processor 220 and control ASIC 230 to simulate a C: drive allows the present invention to be used in the standard IBM compatible personal computer without having to modify the system BIOS (basic input/output system).

Card 115 is used with card reader 111 under control of processor 220 to provide the computer system 100 with information concerning DES key encryption, verification questions and answers, user access privilege level, expiration date, origin of card issuance, and card usage history. As in the first embodiment, the preferred card 115 is a MICRO CARD® or GEMPLUS® card (for example, Scot 100, TB100, or COS IC cards), which is compatible with ISO 7816. One skilled in the art would readily recognize that other IC cards which conform to this standard and provide data encryption and decryption functions may be substituted without materially modifying the spirit and scope of the present invention.
LOGICAL & PHYSICAL DESTRUCT HARDWARE

Control ASIC 230 also monitors attempted unauthorized retrieval of data from the protected storage devices and presents information to processor 220 if control ASIC 230 detects an attempted unauthorized access. Processor 220 monitors signals from the control ASIC 230 and commands control ASIC 230 to issue a command to either logically or physically destroy protected information in RAM 260 or secure hard drive 113. Logical destruction of data on the RAM 260 is accomplished by asserting trigger signal 211 emanating from processor 220, clearing the contents of RAM 260. Logical destruction of the sensitive data on hard drive 113 follows naturally, since the DES encryption key synthesis information is destroyed when the RAM 260 data is destroyed, and, without the DES key, the information on hard drive 113 is logically irretrievable. Physical destruction of data can also be accomplished by asserting physical destruct signal 212 emanating from processor 220, as a means of triggering a physical destruct package 213. As in the first embodiment, several physical destruct packages are disclosed in the prior art, such as a ferric chloride spray or plastic explosive package.
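The data-path rules just described (the secure segment of RAM 260 is reachable only from processor 220, CE 270 is routed port C to port A in plaintext during initialization and port A to port B with the cipher in the path once the user is verified, and logical destruction erases the key synthesis material rather than the ciphertext) can be modelled in a few dozen lines. The following is an added illustrative model, not code from the patent or from the described board. Assumptions: the real CE 270 is a certified DES engine, and here a SHA-256 counter-mode keystream stands in for it so the example runs with the standard library alone; the class and method names, the "key kernel" bytes and the sector contents are constructed for the example.

```python
import hashlib
from enum import Enum
from typing import Dict, Optional

SECTOR = 512


class Route(Enum):
    ISOLATED = "none"   # no path through CE 270
    C_TO_A = "C<->A"    # processor 220 <-> system bus 292, plaintext (initialization)
    A_TO_B = "A<->B"    # system bus 292 <-> hard drive 113, cipher in the path


class SecurityViolation(Exception):
    """Raised where control ASIC 230 would freeze system bus 292."""


def keystream(key: bytes, sector: int, length: int) -> bytes:
    """Stand-in for DES (assumption): SHA-256 counter-mode keystream bound to the sector."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + sector.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


class InterfaceBoard:
    """Card reader interface board 109 with RAM 260, CE 270 and hard drive 113."""

    def __init__(self, disk: Optional[Dict[int, bytes]] = None):
        self.secure_ram: Dict[str, bytes] = {}    # key kernel and answers: processor 220 only
        self.open_ram: Dict[str, bytes] = {}      # questions and other nonsensitive data
        self.disk = {} if disk is None else disk  # hard drive 113: ciphertext sectors
        self.route = Route.C_TO_A                 # plaintext path while the loader runs
        self.frozen = False
        self._key: Optional[bytes] = None         # session key held inside CE 270

    # processor 220 side: card reader bus 225 never touches system bus 292
    def load_from_card(self, key_kernel: bytes, questions: list, answers: list) -> None:
        self.secure_ram["key_kernel"] = key_kernel
        self.secure_ram["answers"] = "\n".join(answers).encode()
        self.open_ram["questions"] = "\n".join(questions).encode()

    def authorize(self) -> None:
        """After verification: synthesize the key from the kernel and open A<->B."""
        kernel = self.secure_ram.get("key_kernel")
        if kernel is None or self.frozen:
            raise SecurityViolation("no key kernel in RAM 260, or bus frozen")
        self._key = hashlib.sha256(b"session-key" + kernel).digest()
        self.route = Route.A_TO_B

    def logical_destruct(self) -> None:
        """Trigger signal 211: RAM 260 loses Vcc. The ciphertext on the drive is
        untouched, but the material needed to synthesize its key is gone."""
        self.secure_ram.clear()
        self.open_ram.clear()
        self._key = None
        self.route = Route.ISOLATED

    # system bus 292 side: what the CPU, or an intruder on the bus, can reach
    def bus_read_ram(self, segment: str, name: str) -> bytes:
        if segment != "open":
            # No address space maps the secure segment onto the bus; the ASIC
            # sees the prohibited access on its monitor lines and freezes the bus.
            self.frozen = True
            raise SecurityViolation("secure segment of RAM 260 is not bus-addressable")
        return self.open_ram[name]

    def bus_write_sector(self, sector: int, plaintext: bytes) -> None:
        self._require_drive_path()
        self.disk[sector] = xor(plaintext, keystream(self._key, sector, len(plaintext)))

    def bus_read_sector(self, sector: int) -> bytes:
        self._require_drive_path()
        data = self.disk[sector]
        return xor(data, keystream(self._key, sector, len(data)))

    def _require_drive_path(self) -> None:
        if self.frozen:
            raise SecurityViolation("system bus 292 is frozen")
        if self.route is not Route.A_TO_B or self._key is None:
            raise SecurityViolation("port A to port B channel not allowed")


def demo() -> dict:
    """Write a sector, destroy the key kernel, and show what each side can still read."""
    kernel = b"kernel-from-card-115"                       # constructed sample value
    secret = b"PAYROLL Q1 FY1995 - SENSITIVE".ljust(SECTOR, b"\0")
    board = InterfaceBoard()
    board.load_from_card(kernel, ["Pet's name?"], ["rex"])
    board.authorize()
    board.bus_write_sector(7, secret)
    readable_before = board.bus_read_sector(7) == secret
    raw_on_drive = board.disk[7]                           # what pulling the drive yields
    board.logical_destruct()
    try:
        board.bus_read_sector(7)
        readable_after = True
    except SecurityViolation:
        readable_after = False
    # Same ciphertext on a fresh board with the same card kernel: the data was
    # never damaged, only the key was, which is what "logically irretrievable" means.
    rebuilt = InterfaceBoard(disk={7: raw_on_drive})
    rebuilt.load_from_card(kernel, ["Pet's name?"], ["rex"])
    rebuilt.authorize()
    return {
        "raw_on_drive": raw_on_drive,
        "readable_before": readable_before,
        "readable_after_destruct": readable_after,
        "recoverable_with_same_kernel": rebuilt.bus_read_sector(7) == secret,
    }
```

The point the model makes explicit is that the drive ciphertext is never the secret: removing hard drive 113 yields only the raw sector bytes, and after trigger signal 211 the board itself can no longer open the port A to port B channel because nothing remains in RAM 260 from which to synthesize the key. The stand-in keystream is bound to the sector number so that two sectors with identical plaintext do not produce identical ciphertext; a production design would use an authenticated mode rather than a bare keystream, since bit-flips in the ciphertext flip the same bits in the decrypted sector.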

Card reader interface board 109 also contains an extra defense against physical tampering. In one embodiment, a transistor circuit 210 is used to rapidly erase the contents of dynamic RAM 260. In such an embodiment, circuit 210 grounds the power pin of RAM 260 to erase the contents of RAM 260. In normal operation, trigger signal 211 is not asserted, thereby allowing the collector of transistor circuit 210 to remain at a voltage of approximately Vcc. In this mode of operation RAM 260 is powered by the supply voltage Vcc whereby current travels through diode 261 and fuse 263 to RAM 260. If power is interrupted the battery 200 provides current to RAM 260 through diode 262 and fuse 263.

When the trigger signal 211 is asserted (by processor 220) the collector of npn transistor 210 is forced to a low voltage and current flowing through diode 261 is sufficient to burn the fuse 263, thereby allowing the Vcc terminal of RAM 260 to drop to zero volts and erasing the logical contents of RAM 260. Alternatively, if the battery 200 is supplying RAM 260 with current, the trigger signal 211 will cause sufficient current to flow through fuse 263 to burn fuse 263, and again, the voltage at the Vcc terminal of RAM 260 will drop to zero volts and erase the logical contents of RAM 260. Processor 220 can initiate the logical destruct feature if control ASIC 230 alerts processor 220 that an unauthorized access is being attempted.

The logical and physical destruct mechanisms described provide several different levels of data security. In one embodiment of the present invention there are five selectable security levels:

1) Freeze the computer system bus, requiring a "cold boot" (power off and then on, or "reset");

2) Alter the contents of the integrated circuit card so that the card must be updated to be authorized for another session;

3) Clear RAM 260 of the stored kernel for the encryption key;

4) Logical destruction of RAM 260 memory, requiring reinitialization of RAM 260 before another session may be performed on the computer system; and

5) Physical destruction of computer system memory.

Other security levels are possible and those skilled in the art will recognize that combinations of these levels of security are possible without departing from the scope and spirit of the present invention.
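The three-source check described with FIGURE 2B (card 115, interface board 109 and the user must each present correct information) together with the five selectable security levels listed above can be written out as one decision procedure. What follows is an added example, not the verification program of the patent. The card fields are the ones the text says card 115 carries (privilege level, expiration date, origin of issuance, questions and answers, usage history). Assumed for the example: the board's own identifier and the trusted issuer are configured on the secure computer; a card may use a computer only when the card's privilege level is at or above the level configured for that computer (the FIGURE 8 hierarchy); the only effect of a security level that can be modelled on the card itself is invalidation (level 2 and above); and the sample card and computer values are constructed.

```python
import hmac
from dataclasses import dataclass, field
from datetime import date
from enum import IntEnum
from typing import Optional


class SecurityLevel(IntEnum):
    FREEZE_BUS = 1           # cold boot required
    INVALIDATE_CARD = 2      # card must be re-authorized by the administrator
    CLEAR_KEY_KERNEL = 3     # secure segment of RAM 260 loses the key kernel
    LOGICAL_DESTRUCT = 4     # RAM 260 erased, reinitialization needed
    PHYSICAL_DESTRUCT = 5    # destruct package 213 fired


@dataclass
class UserCard:
    card_id: str
    issuer: str
    expires: date
    privilege_level: int
    questions: list
    answers: list             # stored on the card; read into the secure RAM segment
    valid: bool = True
    usage_history: list = field(default_factory=list)


@dataclass
class SecureComputer:
    computer_id: str
    board_id: str             # identity presented by card reader interface board 109
    trusted_issuer: str
    required_level: int       # assumed: card level must be >= this to use the machine
    security_level: SecurityLevel
    peripherals_by_level: dict  # level -> set of peripherals unlocked at that level


@dataclass
class Decision:
    granted: bool
    reason: str
    action: Optional[SecurityLevel] = None
    peripherals: set = field(default_factory=set)


def _normalize(answer: str) -> bytes:
    return " ".join(answer.split()).casefold().encode()


def answers_match(expected: list, given: list) -> bool:
    """Compare every answer in constant time and do not stop at the first mismatch,
    so an observer cannot learn from timing which question failed."""
    if len(expected) != len(given):
        return False
    ok = True
    for exp, got in zip(expected, given):
        ok &= hmac.compare_digest(_normalize(exp), _normalize(got))
    return ok


def deny(card: UserCard, computer: SecureComputer, reason: str) -> Decision:
    """Apply the configured security level; only its effect on the card is modelled here,
    the RAM and drive effects belong to the board hardware."""
    level = computer.security_level
    if level >= SecurityLevel.INVALIDATE_CARD:
        card.valid = False
    card.usage_history.append(("denied", computer.computer_id, reason))
    return Decision(False, reason, action=level)


def verify(card: UserCard, computer: SecureComputer, presented_board_id: str,
           user_answers: list, today: date) -> Decision:
    if presented_board_id != computer.board_id:
        return deny(card, computer, "interface board identity mismatch")
    if not card.valid:
        return deny(card, computer, "card invalidated by an earlier violation")
    if card.issuer != computer.trusted_issuer:
        return deny(card, computer, "card issued by an untrusted origin")
    if today > card.expires:
        return deny(card, computer, "card expired")
    if card.privilege_level < computer.required_level:
        return deny(card, computer, "privilege level below that of this computer")
    if not answers_match(card.answers, user_answers):
        return deny(card, computer, "verification answers incorrect")
    card.usage_history.append(("granted", computer.computer_id, today.isoformat()))
    peripherals = set()
    for level, devices in computer.peripherals_by_level.items():
        if level <= card.privilege_level:
            peripherals |= set(devices)
    return Decision(True, "card, board and user verified", peripherals=peripherals)


def sample_computer(level: SecurityLevel = SecurityLevel.FREEZE_BUS) -> SecureComputer:
    # Constructed configuration for the example.
    return SecureComputer("WS-17", "BOARD-0042", "HQ-SECADMIN", required_level=2,
                          security_level=level,
                          peripherals_by_level={1: {"floppy"}, 2: {"hard drive 113"},
                                                3: {"serial port"}})


def sample_card(level: int = 2) -> UserCard:
    # Constructed card as a security administrator would initialize it.
    return UserCard("CARD-1001", "HQ-SECADMIN", date(1996, 12, 31), level,
                    ["First school?", "Mother's maiden name?"], ["Lincoln", "Ramsey"])
```

Two details worth keeping when implementing this on a board: the answer comparison runs to completion over every question so that timing does not reveal which answer was wrong, and the card is marked invalid before the decision is returned, so a second attempt with the same card is refused even if the first refusal's other effects were somehow bypassed.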
INTERFACE BOARD CONTROL & COMMUNICATIONS 

WO 95/24696 PCT/US95/02579

Activities on the card reader interface board 109 are coordinated in part by code "burned into" an internal ROM in processor 220 and in part by execution of an authorization verification program as detailed below. This allows processor 220 to respond to commands issued by CPU 290 during the authorization verification program execution, yet maintain security of sensitive data on card reader interface board 109 by acting as a dedicated controller of sensitive DES encryption data and authorization data. Processor 220 communicates with control ASIC 230 to control data steering network 240 and ROM 280, and controls CE 270 using commands issued on bus 222 to CE 270 via data steering network 240. Processor 220 is solely responsible for communications with card reader 111, which enhances the overall security of the present invention since sensitive data is not placed on the system bus 292 where it is vulnerable to retrieval.

Control ASIC 230 is connected to ROM 280 and data steering network 240 using bus 223 and is also connected to the monitor and freeze control lines of CPU 290, which allows control ASIC 230 to "freeze" system bus 292 on demand, that is, whenever a prohibited access is detected over the monitor lines. Control ASIC 230 sends a signal to processor 220's INT interrupt 221 when it freezes system bus 292 to inform processor 220 that the bus was frozen, since processor 220 is not connected to system bus 292.

Control ASIC 230 contains a counter (not shown) which counts the number of "sectors" retrieved from ROM 280 during boot and loading functions (described below) to simulate a hard drive interface to CPU 290. Processor 220 is notified by control ASIC 230 when the last byte of program information is read from ROM 280 by CPU 290. Cipher Engine 270 routing is controlled by signals from processor 220 to control ASIC 230, and may be programmed to connect port A 274 to port C 278 to allow processor 220 to communicate with system bus 292 (and CPU 290), or connect port A 274 to port B 276 to allow CPU 290 to communicate with hard drive 113 once security conditions have been satisfied, as detailed below.

FIGURE 4 is a block diagram of the fundamental components of control ASIC 230. Control ASIC 230 includes a control register 950 with bits assigned for the control of data steering network 240 and ROM 280 via control port (CP) 910. These bits control whether bus 222 is connected to RAM 260 or CE 270 via data steering network 240. Similarly, the control bits assigned to the control of ROM 280 assist in the simulation of a C: drive during the BIOS initialization which is detailed below. Control register 950 is programmed by instructions from processor 220, and the status of the control bits may be determined by reads from processor 220 of status register 960 via processor port 980. INT port 900 is also connected to the control and status registers, and indicates when the system bus 292 is "frozen" after a security violation is detected as described above.

In one embodiment of the present invention, processor 220 programs registers (not shown) in bus address monitor 930 by transmitting mask words to these registers via processor port 980. Each mask word comprises a programmable template identifying authorized peripherals for the particular user as defined by the card 115 which was issued by the security administrator during the authorization visits described below in the SECURITY ADMINISTRATOR AUTHORIZATION VISIT section. Control ASIC 230 is connected to system bus 292 (as shown in FIGURE 3) via bus port 920, and can therefore monitor the attempted accesses on system bus 292 and compare them with the templates stored in bus address monitor 930 using combinational logic 940 to determine if an unauthorized peripheral access has been attempted. If an unauthorized peripheral access is attempted, one embodiment of the present invention will freeze the system bus 292; secure computer system 100 remains unusable until a power cycle of computer 100 (to reset computer 100) is performed. Port 920 of control ASIC 230 is connected to hard drive controller logic 710, as shown in FIGURE 3, in order to control access to hard drive 113 in a manner known to those skilled in the art.

Bus address monitor 930 monitors system bus 292 references to peripheral devices such as serial and parallel ports, networks, and A or B floppy disks. Bus address monitor 930 monitors normal BIOS references during initialization, such as reset, warm, or power-up boot, and monitors to detect attempted prohibited accesses to denied peripheral devices as defined on card 115 during the authorization visit (see SECURITY ADMINISTRATOR AUTHORIZATION VISIT section below).

DATA STEERING NETWORK 

Data steering network 240 is shown in a simplified block diagram in FIGURE 5. Data steering network 240 essentially acts as a bidirectional, eight bit parallel, steerable data channel. Control ASIC 230 can control whether the eight bit bus 222 from processor 220 is connected to RAM 260 or CE 270 by decoding the address on bus 222 and selecting input 20 of the data steering network 240. Control ASIC 230 can also disable the data steering network 240 by toggling enable input 30 of data steering network 240. This operation also ensures that CE 270 is never directly connected to RAM 260 via data steering network 240, adding to the protection of data stored in RAM 260.

TYPES OF CARDS AND THEIR FUNCTION

There are essentially three types of cards: maintenance, issuer, and user cards. The maintenance card allows the user to access the system only for diagnostic purposes, but no sensitive data is accessible using the maintenance card. An issuer card is the topmost card of the security hierarchy. It enables the issuing program to configure a plurality of subordinate user cards. In one embodiment, user cards can create subordinate user cards and allow the user to access peripherals per privileges granted by the issuer during card configuration. The user cards enable users to access the secure information on computer 100.

One embodiment of the security hierarchy is shown in FIGURE 8. Box 500 represents an issuer card called the issuing office card. Box 501 is also an issuer card called the security administrator's card. The issuing office card 500 is used to create the security administrator's card 501, which in turn creates subordinate user cards represented as the remaining boxes in FIGURE 8. In this embodiment, the issuing office card 500 may not access data in computer system 100; its purpose is to create subordinate user cards, such as cards 510, 530 and 540.

SECURITY ADMINISTRATOR AUTHORIZATION VISIT

The next section of the specification of the present invention requires a discussion of the information stored on the user card 115 prior to the first use of the card 115 by a user. A special card issue program is run on a computer system 100, as shown in FIGURE 1D, which programs the user card 115 pursuant to ISO 7816 specifications. This programming is typically done by a security administrator who is responsible for determining the scope of authorization of the particular user. Such a session is called an authorization visit.

The card issue program used to conduct an authorization visit will store in separate registers located on card 115: expiration date of the card; the code associated with the issuing office; the peripherals which this particular user may access with this card; a code identifying the card as a maintenance card, issue card, or user card; the level of authorization of the user of the card (see the ACCESS HIERARCHY discussion of FIGURE 8, below); a series of questions used to identify the user; and their associated answers.

A "first use" register is also dedicated to indicating whether the card has been used before, to allow the system to identify first use. First use presents an opportunity to configure computer system 100 by storing in RAM 260 sensitive data pertaining to the specific user. In the event the information on RAM 260 is erased, the first use register indicates that the card 115 was used at least once and the user will be required to report to the security administrator to have the card reissued before secure computer system 100 will accept it.

A retry counter register is also programmed during the authorization visit which contains a value specifying the number of errors a potential user can make in answering the user identification questions before the system terminates the verification process. In addition, certain information is stored in the card automatically under the ISO 7816 specification, such as the type of card which is being used (for example, MICRO CARD® or GEMPLUS® cards) and the amount of memory available on the particular card. One skilled in the art would readily recognize that the information stored on the card may be stored in other configurations without materially modifying the scope and spirit of the present invention. For example, the number of questions may be varied without materially changing the invention.

QUESTIONS AND ANSWERS USED FOR IDENTIFICATION VERIFICATION

A series of questions are posed in a consistent format, and the answers are recorded to identify a particular user. For example, one question the user might be asked is: "What is your favorite color?" The user should respond with a text string entry which matches the prerecorded answer. Therefore if the user responds: "Blue", but the answer was prerecorded as "B@L$U*E!", the response will be incorrect and, depending on the value set in the retry counter, the user may be denied access or allowed to answer another question. One embodiment of the present invention uses fifteen questions to identify the user. Such an approach reduces the chance an unauthorized user can acquire the correct responses through surreptitious means. It should be obvious that any subcombination of the fifteen questions may be used for identification purposes. In one embodiment of the present invention, a random number generator decides the number of questions to ask (minimum three), and the particular questions selected. However, it is clear that the number of questions and their selection process may be altered without materially altering the scope of the present invention.

INITIALIZATION OF THE SECURE COMPUTER SYSTEM

FIGURE 7 shows a flow diagram detailing the procedure by which the present invention acquires control of the computer for user identification and verification purposes upon an initialization such as power up, clear, or warm boot reset. Those skilled in the art will readily appreciate that minor modifications to the order or exact implementation of the following steps will not materially modify either the scope or spirit of the present invention. Upon initialization, at step 704 the standard computer BIOS will query the computer system to determine the present configuration of the system. Processor 220 is programmed to monitor and save BIOS routine calls made by the secure computer system's BIOS during step 704. Control ASIC 230 assists processor 220 in monitoring and memorizing the BIOS routine calls. The memorized calls are then used as a template for comparison purposes to ensure that a subsequent reboot of the computer system with the standard operating system conforms with the initial pattern. Such a check verifies that the system BIOS is, indeed, in control of the subsequent reboot process. This prevents loading of another system BIOS to bypass the security system in order to access sensitive data.
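The two monitoring functions just described, the mask-word templates of bus address monitor 930 (see INTERFACE BOARD CONTROL & COMMUNICATIONS above) and the BIOS-call template memorized by processor 220 at step 704, can be modelled in software. The following is an added illustration, not code from the patent; the class names, the mask-word encoding, the call-name strings and the sample port numbers (conventional PC I/O ranges) are assumptions.

```python
# Added illustration, not code from the patent: a software model of the
# template matching done by bus address monitor 930 / combinational logic 940
# and of the BIOS-call template memorized by processor 220 at step 704.
# Class names, the mask-word encoding and the sample port numbers are
# assumptions; the port numbers are the conventional PC I/O ranges.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class MaskWord:
    """One programmable template: an address is covered by the template when
    the address bits selected by `mask` equal the same bits of `base`."""
    base: int
    mask: int

    def covers(self, address: int) -> bool:
        return (address & self.mask) == (self.base & self.mask)


@dataclass
class BusAddressMonitor:
    """Model of bus address monitor 930. `authorized` holds the mask words
    processor 220 programmed from card 115; `frozen` mirrors the freeze line to
    system bus 292 and `int_asserted` the INT 221 signal to processor 220."""
    authorized: list = field(default_factory=list)
    frozen: bool = False
    int_asserted: bool = False

    def program(self, mask_words) -> None:
        """Processor 220 loads this user's authorized peripheral templates."""
        self.authorized = list(mask_words)

    def observe(self, address: int) -> bool:
        """Return True if the bus reference is permitted. A reference outside
        every template freezes the bus and raises INT; the bus then stays
        frozen (every further reference is refused) until a power cycle."""
        if self.frozen:
            return False
        if any(t.covers(address) for t in self.authorized):
            return True
        self.frozen = True
        self.int_asserted = True
        return False

    def power_cycle(self) -> None:
        """Only a reset of computer 100 clears the frozen state."""
        self.frozen = False
        self.int_asserted = False


class BiosCallTemplate:
    """Model of processor 220 memorizing the BIOS routine calls seen during
    the first initialization and checking that a later reboot replays the
    same pattern, so a substituted BIOS is noticed."""

    def __init__(self) -> None:
        self.template = None

    def learn(self, calls) -> None:
        self.template = tuple(calls)

    def conforms(self, calls) -> bool:
        return self.template is not None and tuple(calls) == self.template


# Constructed sample: a user allowed COM1 (0x3F8-0x3FF) and LPT1 (0x378-0x37F)
# but not the floppy controller (0x3F0-0x3F7).
SAMPLE_TEMPLATES = [MaskWord(0x3F8, 0xFFF8), MaskWord(0x378, 0xFFF8)]


def demo():
    """Run the sample and return (results, monitor) for inspection."""
    monitor = BusAddressMonitor()
    monitor.program(SAMPLE_TEMPLATES)
    results = [monitor.observe(a) for a in (0x3F8, 0x37A, 0x3F2, 0x3F8)]
    # [True, True, False, False]: the floppy reference freezes the bus, and the
    # later COM1 reference, normally permitted, is refused as well.
    return results, monitor
```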

As detailed above, the hardware present on card reader interface board 109 is designed to simulate the presence of a hard drive. At initialization, CPU 290 executes the standard BIOS routine of loading the first "one and/or two sectors" from the C: drive. Card reader interface board 109 intercepts the read issued by CPU 290 and directs it to ROM 280. As is illustrated in FIGURE 6, ROM 280 contains loader program code 610. Therefore the first one or two sectors of the "C: drive" are read from ROM 280. (Whether one or two sectors are loaded depends on the type of CPU 290, speed of CPU 290, and type of BIOS used by the computer system.) Loader program code 610 is then executed by CPU 290 to retrieve, at 709, the remaining "sectors" of ROM 280. Those sectors contain a verification program (620 of FIGURE 6) used to verify the authorization of the user to access the system. Control ASIC 230 monitors the loading process, informing processor 220 at step 712 when the last byte of code is loaded into CPU 290 so that processor 220 is aware that the verification program is about to execute on CPU 290. Processor 220 then generates, at step 713, unsolicited card status from card reader 111. Meanwhile, at 714, CPU 290 executes verification program 620. When unsolicited card status has been retrieved, processor 220 instructs control ASIC 230 to connect processor 220 to system bus 292 via data steering network 240, CE 270, and hard drive controller logic 710 (step 721). Processor 220 then transmits the status of card reader 111 to CPU 290; however, the verification program will loop until unsolicited card status is received from processor 220 (step 722).

USER AUTHORIZATION VERIFICATION PROCEDURE

At this point, the processor 220 is actually controlling system bus 292 using handshaking lines, yet processor 220 is responding to requests made by CPU 290 throughout the execution of the verification program. CPU 290 receives an interrupt indicating that a card was inserted, and whether a conductive card is present (steps 724 and 728). If no card is present, then a message to "insert card" is flashed to the operator on display 105 (step 726). If the card 115 is conductive, then the system bus 292 is frozen and the verification process is terminated (step 736). If the card 115 is nonconductive, then power is applied to the card reader 111 (step 729). Upon powerup, the card 115 issues an unsolicited reset message which is transferred to the CPU 290 by processor 220 (step 732). Processor 220 resets card reader 111 by holding the RST signal (224 of FIGURE 3) low (active) for a specified time as defined by ISO 7816-3, and then raises the signal to indicate end of reset to card 115. Card 115 issues a reset message to processor 220 via card reader 111 which identifies whether the type of card being used is MICRO CARD® or GEMPLUS® (per ISO 7816, MICRO CARD® and GEMPLUS® Technical Manuals) (step 734). If the card 115 is not an acceptable card, then processor 220 freezes the system bus 292 and terminates the authorization process (step 736). If the card is accepted as potentially valid, then the verification program determines if the card was issued by the correct issuing office (step 742). The expiration date is also retrieved from the card by processor 220, but must be sent to CPU 290 because processor 220 does not have a clock/calendar to compare the expiration date (step 744). If either of the tests in steps 742 or 744 fail, then system bus 292 is frozen by processor 220 and the verification process is stopped (step 736). If the card 115 meets the previous tests, then CPU 290 instructs processor 220 to read several questions and their associated correct responses from the card 115 and load them into RAM 260 (step 746). In one embodiment of the present invention, the answers are stored in the secure area of RAM 260 and the questions, which are nonsensitive, are stored in the open area of RAM 260.
The user is then queried for responses to questions read from card 115 and must answer the questions correctly to gain access to the computer. The first question is displayed to the user (step 748), an operator response is received by CPU 290, formatted, sent to processor 220, and compared by processor 220 with the answers stored in the secure space of RAM 260 (steps 752 and 754). A counter located in processor 220 is incremented each time an error is made in answering the questions, and is preprogrammed by the security administrator to terminate the verification program if the number of erroneous responses exceeds the preprogrammed value (steps 758 and 736). This protection is installed to prevent an unauthorized user of a card from repeated guesses of the correct answers to the posed questions.
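The card checks of steps 742 and 744 and the question-and-answer loop of steps 748 to 762 (including the exact-match comparison and retry counter discussed under QUESTIONS AND ANSWERS USED FOR IDENTIFICATION VERIFICATION) can be written out as a small decision procedure. The following is an added illustration, not the patent's own program; the card register layout, the outcome strings, the office code, dates and the sample questions and answers are all constructed here.

```python
# Added illustration, not the patent's own code: a model of the card checks and
# the question/answer loop of steps 742-762 with the retry counter of step 758.
# The card register layout, the outcome strings and the sample card contents
# (questions, answers, dates, office code) are constructed here.
import random
from dataclasses import dataclass, field
from datetime import date

FROZEN = "bus frozen (step 736)"
VERIFIED = "verified (step 762)"


@dataclass
class UserCard:
    """Registers programmed on card 115 during the authorization visit."""
    issuing_office: str
    expiration: date
    retry_limit: int   # erroneous responses tolerated before termination
    questions: list    # nonsensitive: kept in the open area of RAM 260
    answers: list      # sensitive: kept in the secure area of RAM 260


@dataclass
class Verifier:
    """The verification program's decisions. `today` stands in for the CPU's
    clock/calendar (processor 220 has none, so the date test is done by the
    CPU); `rng` picks how many questions (minimum three) and which ones."""
    expected_office: str
    today: date
    rng: random.Random = field(default_factory=random.SystemRandom)
    min_questions: int = 3

    def select_questions(self, card: UserCard) -> list:
        total = len(card.questions)
        count = self.rng.randint(min(self.min_questions, total), total)
        return sorted(self.rng.sample(range(total), count))

    def run(self, card: UserCard, answer_fn) -> str:
        """answer_fn(question) returns the operator's typed response."""
        if card.issuing_office != self.expected_office:     # step 742
            return FROZEN
        if self.today > card.expiration:                    # step 744
            return FROZEN
        errors = 0                                          # counter in processor 220
        for idx in self.select_questions(card):
            response = answer_fn(card.questions[idx])       # steps 748-752
            if response != card.answers[idx]:               # exact text match, step 754
                errors += 1
                if errors > card.retry_limit:               # step 758
                    return FROZEN
        return VERIFIED


# Constructed sample card; "B@L$U*E!" is the prerecorded answer from the text.
SAMPLE_CARD = UserCard(
    issuing_office="OFFICE-01",
    expiration=date(1996, 12, 31),
    retry_limit=1,
    questions=["What is your favorite color?", "First pet's name?",
               "Street you grew up on?", "Favorite sport?", "Mother's maiden name?"],
    answers=["B@L$U*E!", "Rex", "Elm", "golf", "Smith"],
)


def honest_user(card: UserCard):
    """Answer function that types exactly the prerecorded strings."""
    return lambda q: card.answers[card.questions.index(q)]


def casual_user(card: UserCard):
    """Answer function that types "Blue" for the colour question: a mismatch."""
    honest = honest_user(card)
    return lambda q: "Blue" if q.startswith("What is your favorite color") else honest(q)


def run_samples() -> dict:
    """Exercise the sample card. All five questions are forced so that the
    outcomes do not depend on the random selection."""
    every = Verifier("OFFICE-01", date(1995, 3, 1),
                     min_questions=len(SAMPLE_CARD.questions))
    strict = UserCard("OFFICE-01", SAMPLE_CARD.expiration, 0,
                      SAMPLE_CARD.questions, SAMPLE_CARD.answers)
    return {
        "honest": every.run(SAMPLE_CARD, honest_user(SAMPLE_CARD)),
        "one_slip_limit_1": every.run(SAMPLE_CARD, casual_user(SAMPLE_CARD)),
        "one_slip_limit_0": every.run(strict, casual_user(strict)),
        "guessing": every.run(SAMPLE_CARD, lambda q: "Blue"),
        "wrong_office": Verifier("OFFICE-02", date(1995, 3, 1)).run(
            SAMPLE_CARD, honest_user(SAMPLE_CARD)),
        "expired": Verifier("OFFICE-01", date(1997, 1, 1)).run(
            SAMPLE_CARD, honest_user(SAMPLE_CARD)),
    }
```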

After the last question is asked (step 762) the DES encryption key is calculated (step 764). In one embodiment of the present invention, the key is calculated using user unique binary information stored on the card 115 and in the RAM 260. This allows the program to calculate unique keys even if the key generation equation is identical from user to user, since the inputs identifying each user will be dependent on the answers given by the user, and therefore, the calculated key will be unique. Another embodiment of the present invention will have the verification program prompt the user with an additional question to assist in the key randomization process. Alternate embodiments of the present invention could insert such a question at any point in the verification program prior to the key generation step. In one embodiment of the present invention, the key generation algorithm is given by the pseudocode shown in TABLE 1:

TABLE 1

BEGIN:
    read the binary data from card 115 associated with the prerecorded questions and answers;
    reduce the binary value by powers of nine;
    store the carries generated in a register to form a random number;
    exclusive or the random number generated in the previous step with data stored in RAM 260 of secure computer system 100 to generate 16 strings of 64 bits, which will serve as potential keys for encryption;
    load the sixteen keys into CE 270;
    generate a random number between 1 and 15;
    select one of the sixteen keys using the random number;
    use that key for encryption purposes;
END.

However, it will be clear to those skilled in the art that other formulas may be used without materially modifying the spirit and scope of the present invention.
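One concrete reading of the TABLE 1 pseudocode, added here as an illustration and not the patent's own code: how the "reduction by powers of nine" collects carries, how the 16 x 64 bits of RAM 260 data are laid out, and the sample inputs are assumptions, and the DES parity step at the end is an added refinement that TABLE 1 does not mention.

```python
# Added illustration, not the patent's own code: one reading of the TABLE 1
# key generation pseudocode. How the "reduction by powers of nine" collects
# carries and how the 16 x 64-bit RAM 260 data is laid out are assumptions;
# the DES parity formatting is an added step that TABLE 1 does not mention.
import random

MASK64 = (1 << 64) - 1


def carries_by_powers_of_nine(value: int) -> int:
    """Reduce the card's binary value by successive powers of nine and shift
    each carry (here: the base-9 remainder, 0..8) into a register. The
    register contents are the "random number" of TABLE 1."""
    register = 0
    while value:
        value, carry = divmod(value, 9)
        register = (register << 4) | carry      # each carry fits in 4 bits
    return register


def derive_candidate_keys(card_bits: bytes, ram_bits: bytes) -> list:
    """Exclusive-or the random number with sixteen 64-bit words of secure data
    from RAM 260, giving the sixteen 64-bit candidate keys loaded into CE 270."""
    if len(ram_bits) < 16 * 8:
        raise ValueError("need 16 x 64 bits of RAM 260 data")
    rnd = carries_by_powers_of_nine(int.from_bytes(card_bits, "big")) & MASK64
    keys = []
    for i in range(16):
        ram_word = int.from_bytes(ram_bits[8 * i:8 * i + 8], "big")
        keys.append((rnd ^ ram_word) & MASK64)
    return keys


def select_key(keys: list, rng=None) -> tuple:
    """Pick the working key with a random number between 1 and 15, the range
    TABLE 1 states (so slot 0 is never chosen in this reading)."""
    rng = rng or random.SystemRandom()
    index = rng.randint(1, 15)
    return index, keys[index]


def with_odd_parity(key: int) -> bytes:
    """Format a 64-bit candidate as a DES key: DES treats the low bit of each
    byte as a parity bit and expects odd parity."""
    out = bytearray(key.to_bytes(8, "big"))
    for i, b in enumerate(out):
        high7 = b & 0xFE
        out[i] = high7 | (0 if bin(high7).count("1") % 2 else 1)
    return bytes(out)


# Constructed sample inputs standing in for card 115 data and RAM 260 contents.
SAMPLE_CARD_BITS = (10).to_bytes(8, "big")    # reduces to carries 1,1 -> 0x11
SAMPLE_RAM_BITS = bytes(range(128))           # 16 words of 64 bits
```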

After the key is generated, it will be loaded, along with an encryption table, into the CE 270 (step 7?), so that the CE 270 will be ready for encryption if the test of the loading is passed (step 774). If the table is not loaded correctly, then the verification program will terminate (step 736). If the table is loaded correctly, the processor 220 reviews the entire history of the verification sequence (776) to ensure that all of the required tests have passed (778) before connecting the system bus 292 to CE 270 (782). If, at 778, all required tests have not passed correctly, the verification program is terminated at step 736. Otherwise, the CPU 290 will then boot from hard drive 113 in order to execute the disk operating system for secure computer 100 (step 784). Processor 220 monitors this reboot process using control ASIC 230 to monitor the BIOS routine calls to ensure that the native system BIOS is properly rebooting the computer. If any unauthorized accesses are attempted, system bus 292 is frozen and the verification program terminates (steps 792 and 736). Unauthorized accesses include: unauthorized access of peripherals (monitored by bus address monitor 930 on control ASIC 230), and attempts to boot from the A: instead of the C: drive (monitored by processor 220) (step 788). If no unauthorized accesses are detected, the program will allow the user to use disk drive 113 until the session is terminated by the user via removal of card 115 or system reset (step 794). Once the user is done, system bus 292 will be frozen and the computer 100 must be power cycled (to reset computer 100) before another session can take place (step 736).

ACCESS HIERARCHY 

FIGURE 8 shows one embodiment of a hierarchy of secured access codes among a multiuser organization. The present invention teaches a hierarchy coding method used to generate families of access codes which permit horizontal and vertical segregation of access codes within an access hierarchy. As shown in FIGURE 8, the access code is designed to allow a superior of a subordinate user access to the computer of the subordinate, but only if the superior has access in the same vertical portion of the user hierarchy. For example, referring to FIGURE 8, user 520 cannot access the information on user 510's computer (520 is subordinate to 510), but can access the information on the computers of users 522. However, user 520 has no access authority over user 550 (no horizontal access privilege), nor does user 520 have access authority over users 552 (lacking vertical commonality). A benefit of such organizations of key information is that access may be limited in an organized and restricted hierarchy. For example, if somehow security is compromised in the middle branch of FIGURE 8, then the left and right branches are not compromised.

A vast array of users may therefore be accommodated easily within the hierarchy shown in FIGURE 8 by dedicating access code words to each level. In one such embodiment, sixty-four (64) bits are allocated to the access code word describing the 510 level, allowing 2^64 unique codes at the 510 level; sixty-four (64) bits are allocated to the access code word describing level 520, allowing 2^64 unique codes at the 520 level; and sixty-four (64) bits are allocated to the access code word describing level 522, allowing 2^64 unique codes at the 522 level. These bits may be stored on card 115 in dedicated registers and assigned by the security administrator during the authorization visit.

The horizontal separation of users may be easily attained by including an extra question in the list of queries posed and answered during the verification program execution. An answer could be predetermined which would be common among all users in a common vertical group, and which would segregate them from other users in other vertical groups. For example, each individual vertical group would be identified by a unique, predetermined response to the same question. The response could be mapped to a binary number, which could serve as a consistent offset for purposes of generating the access code. For example, if a question asked for a favorite sport, the response "golf" could be used by all members of a particular vertical group to identify their group.
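The per-level 64-bit code words and the group-answer offset described above can be combined into a simple access check that reproduces the FIGURE 8 rules (a superior reaches a subordinate only within the same vertical branch). This is an added illustration, not the patent's own method: the tree shape used for 550 and 552, the per-level secrets, and the way the group answer is turned into an offset are all constructed here.

```python
# Added illustration, not the patent's own code: a model of the FIGURE 8
# access-code hierarchy. One 64-bit code word per level is kept on the card;
# a card may reach a subordinate's computer only when its words are a prefix
# of the subordinate's. The tree shape (550 and 552 placed in the middle
# branch), the level secrets and the group-answer offset are constructed here.
from dataclasses import dataclass

CODE_MASK = (1 << 64) - 1


def group_offset(response: str) -> int:
    """Map the shared vertical-group answer (e.g. "golf") to a 64-bit number
    used as a consistent offset for that group's code words."""
    raw = response.encode("utf-8")[:8].ljust(8, b"\0")
    return int.from_bytes(raw, "big")


def code_word(level_secret: int, group_answer: str) -> int:
    """Form one level's 64-bit code word from the administrator-assigned
    level secret and the group offset."""
    return (level_secret ^ group_offset(group_answer)) & CODE_MASK


@dataclass(frozen=True)
class AccessCode:
    """Code words from the top user level down to the holder's own level."""
    words: tuple

    def level(self) -> int:
        return len(self.words)

    def is_superior_of(self, other: "AccessCode") -> bool:
        """Vertical commonality: every word of the superior appears, in order,
        at the head of the subordinate's code, and the superior sits higher.
        Same-level cards (horizontal neighbours) therefore never qualify."""
        return (self.level() < other.level()
                and other.words[: self.level()] == self.words)


def issue_card(path_secrets, group_answer: str) -> AccessCode:
    """The security administrator programs the card: one code word per level."""
    return AccessCode(tuple(code_word(s, group_answer) for s in path_secrets))


# Constructed FIGURE 8 sample: left branch 510 -> 520 -> 522 (group "golf"),
# middle branch 530 -> 550 -> 552 (group "chess"). Secrets are sample values.
LEFT = [0x1111, 0x2222, 0x3333]
MIDDLE = [0x4444, 0x5555, 0x6666]
CARDS = {
    510: issue_card(LEFT[:1], "golf"),
    520: issue_card(LEFT[:2], "golf"),
    522: issue_card(LEFT[:3], "golf"),
    530: issue_card(MIDDLE[:1], "chess"),
    550: issue_card(MIDDLE[:2], "chess"),
    552: issue_card(MIDDLE[:3], "chess"),
}


def can_access(holder: int, target: int) -> bool:
    """Does card `holder` have access authority over the computer of `target`?"""
    return CARDS[holder].is_superior_of(CARDS[target])
```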

In one embodiment of the present invention, fifteen (15) questions are used to identify the user, and an extra question is used to identify the particular vertical branch of the access tree in which the user resides. These questions are employed to select the DES encryption keys available to the user. In this way, the DES encryption key questions serve as a further randomization of the access code which is user dependent.

Essentially, access information is distributed between the user (in the preprogrammed responses generated by that user), the card 115 (programmed when the individual is given access authority), and RAM 260 stored on card reader controller board 109. Therefore, in one embodiment of the invention, the access code is a combination of the user, the card, and the computer which the user uses. This provides for a level of security for the entire system, and requires that the user be re-authorized by the security administrator every time the user's access privileges are lost due to incorrect or improper attempted access. In this way, security administrators can control the access attempted by users, since they are informed each time a potential security breach is encountered; users must be re-authorized if the identification information in RAM 260 is destroyed by attempted unauthorized access.

DESTRUCTION OF DATA 

Logical destruction of the data resident on the various memory storage devices found on the computer system may be preprogrammed to occur after a fixed number of failed attempted accesses (see FIGURE 7 discussion of retry counter, step 758). In one embodiment, board 109 goes further and freezes the system bus 292 to prevent unauthorized retrieval of sensitive information following detection of a potential security breach. The data stored in hard drive 113 is logically destroyed when the DES encryption key is erased since the key cannot be reconstructed by the intruder. Therefore, if the key information in RAM 260 is destroyed, it is equivalent to rendering the data stored in hard drive 113 logically destroyed, since without the encryption key it is undecipherable. In one embodiment of the present invention, the DES key kernel information stored on RAM 260 is destroyed by clearing RAM 260 using an algorithm executed by processor 220 upon detection of attempted unauthorized access, or by grounding the power pin of RAM 260 using transistor circuit 210 as described in the section LOGICAL & PHYSICAL DESTRUCT HARDWARE, above. A further hurdle requires that any user whose card 115 is invalidated by unauthorized access visit the security administrator to get their card reinstated. Physical destruction of the data storage media is also possible by asserting physical destruct signal 212 generated by control ASIC 230 under control of processor 220 in the event of a breach, triggering destruct package 213 designed to physically destroy the hard drive 113 and RAM 260.

Alternate embodiments of the destruction means of the present invention are also possible. In one embodiment, the selection of destruction means and the process by which the destruction methods are invoked are programmed by altering the code in the internal ROM of processor 220 or by varying the value of retries allowable on the register of card 115. Therefore, one embodiment of the present invention is not limiting and does not materially limit the scope of the present invention.

FIGURE 9 illustrates one embodiment of the present invention showing a card reader receptacle 820 mounted with a hard drive 810 to facilitate physical mounting of the card reader and a resident hard drive. For example, a hard drive 113 can be co-located with a card reader 111 to form a single unit comprising a secured disk drive as shown in FIGURE 9. This mounting scheme illustrates only one of several possible embodiments of the mechanical mounting of the card reader receptacle 820 in the present invention. Other embodiments illustrating the mechanical mounting of card reader receptacle 820 are possible without materially modifying the scope of the present invention.

Those skilled in the art will readily see that the present invention offers several benefits over other devices including but not limited to the ability of one embodiment to provide three levels of computer security. For instance, one embodiment of the present invention provides security in three distinct ways:

(1) immediately asserting control of the computer system upon initialization in the form of preboot protection, since the card reader interface board simulates the C: drive loader code before an intruder can interrupt the system and thereby immediately takes control of the CPU;

(2) after preboot control is acquired, a user verification program is executed to ensure that the user is authorized to access the computer; and

(3) ongoing monitoring of computer activity as the computer system is in use, to detect attempted unauthorized accesses using a bus address monitor and destroy sensitive program and encryption key information before an intruder can break into the system.

Those skilled in the art will readily appreciate that the scope of the present invention is not restricted to securing personal computers, but may be extended to securing other types of computer systems (larger or smaller) or specific peripherals of both small and large computer systems. Additionally, the present invention may be employed to secure the digital data stored on any system which stores sensitive digital information.

The present invention discloses the use of the card reader interface board 109 in conjunction with hard drive 113. It should be apparent, however, that the same type of security could be applied advantageously to control the contents of other nonvolatile memory such as a compact disc (CD) ROM system, Personal Computer Memory Card International Association card (PCMCIA card), or streaming tape backup unit. Indeed, the present invention can be applied advantageously to control access to any peripheral which could be connected to a computer system. For instance, the present invention could be applied to secure subsections of mass storage devices, such as partitioned hard drives or PBX switches. Alternate encryption methods, larger or smaller data and address buses, alternate integrated circuit cards and readers, and modifications to the control algorithms employed in the present invention may also be used without materially altering the scope and spirit of the present invention.

It is to be understood, however, that even though numerous characteristics and advantages of the invention have been set forth in the foregoing description, together with details of the structure and function of the invention, the disclosure is illustrative only, and changes may be made in detail, especially matters of shape, size, and arrangement of parts within the principles of the invention, to the full extent indicated by the broad general meaning of the terms in which the appended claims are expressed.




What is claimed is:

1. A method of operating a computer, comprising the steps of:

a) prior to boot, acquiring control of the CPU;

b) loading a verification program;

c) verifying that the user is authorized using the verification program;

d) prohibiting access to the computer if the user is not authorized; and

e) providing access to the computer if the user is authorized, comprising the steps of

1) monitoring bus accesses to detect if a user is attempting to read or write to an unauthorized peripheral; and

2) destroying memory contents if unauthorized attempts at access are detected.


2. A method of protecting information stored in nonvolatile memory of a computer system having a system bus, comprising the steps of:

a) providing a plurality of sources of identification information for identifying an authorized user;

b) restricting access to the computer system by the steps of

1) performing preboot control of the computer;

2) loading a verification program;

3) reading identification information from the plurality of sources;

4) comparing the identification information read from the plurality of sources to verify the authorization of the user;

c) if the user is an authorized user, providing access to the computer by the steps of

1) allowing access to the computer system;

2) constructing an encryption key from the plurality of sources; and

3) encrypting the information stored in the nonvolatile memory using the constructed encryption key; and

d) if the user is not authorized, freezing the system bus such that another attempt to access the computer system requires a powerdown to reset the computer system.

3. The method according to claim 2, wherein the step of providing a plurality of sources includes the step of providing identification information from an integrated circuit card, identification information input from a user, and identification information resident in the computer system.

4. A method of protecting information stored in nonvolatile memory of a computer system, the computer system having a central processing unit (CPU), the method comprising the steps of
a) providing a computer system with an interface board with a resident verification program and a loader program for loading the verification program;
b) restricting access to the nonvolatile memory, wherein the step of restricting access includes the steps of
1) controlling the computer system central processing unit (CPU) during initialization and prior to booting the computer, wherein the step of controlling comprises the steps of
a. monitoring and storing BIOS calls made by the CPU during the loading of the verification program;
b. initiating an initialization of the computer system;
c. simulating a boot disk such that the CPU loads the loader program;
d. executing the loader program;
e. loading the verification program; and
f. executing the verification program, wherein said program verifies the identity of the user; and
2) if the user is verified as an authorized user, allowing access by the steps of:
a. providing access to the nonvolatile memory;
b. booting the computer system from the nonvolatile memory;
c. monitoring and storing BIOS calls made by the CPU during the booting step; and
d. detecting logical accesses which could compromise the security of information stored in the nonvolatile memory, wherein the step of detecting logical accesses includes the steps of
1. comparing BIOS calls stored during the loading step with BIOS calls generated during the booting step; and
2. if BIOS calls do not match, freezing the system bus, requiring a power cycle of the computer system to reset the computer system.



5. The method of claim 4, wherein the method further comprises the steps of
constructing a unique encryption key obtained from a plurality of sources; and
encrypting information stored to the nonvolatile memory using the encryption key;
and wherein the step 4.2.d2 of freezing the system bus comprises the step of logically destroying the data stored in the nonvolatile memory by destroying the encryption key.






6. The method of claim 4, wherein the step 4.2.d2 of freezing the system bus comprises the step of physically destroying the nonvolatile memory, thereby destroying the data stored in the nonvolatile memory.

7. The method of claim 4 wherein the step of detecting unauthorized logical accesses comprises detecting unauthorized peripheral accesses.

8. A secure computer system for controlling a user's access to confidential information stored in nonvolatile memory, the system comprising:
a) a system bus;
b) a central processing unit (CPU);
c) an identification card, containing identification information for identifying authorized users of the computer system;
d) a card reader for reading identification information from the identification card; and
e) a card reader interface, connected to the system bus, the interface operates to assume control of the CPU upon initialization of the computer system, the interface comprising
1) a dedicated data bus for communications with the nonvolatile memory;
2) a dedicated data bus for communications with the card reader;
3) a verification program to be executed by the CPU for limiting access to the nonvolatile memory to only authorized users;
4) a memory storage device for storing user-specific information;
5) an encryption system which encrypts the data stored to the nonvolatile memory using an encryption key constructed from data on the identification card, data in the memory storage device, and inputs from the user;
6) an input/output bus address monitor circuit for detecting attempts to bypass the verification program; and
7) a memory erasing circuit for destroying encryption key information stored in the memory storage device if an unauthorized access is detected by the interface.
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9. A method for p-otecting infbnnatioii stored in nmvolatile msnory of a 
cx)inHitjer, the m^od cxjo^jrising the steps of 

a) providing means for interfedng an injSOTnation bearing card to the 
coxnpv&sr, 

5 b) storing individuali2ed questions and answers whidi uniquely 

identify a user caa the informaticffi bearing card; 

c) reading idratificadon infomi^on and card information from the 
information bearing card; 

d) executing a vmficatioa routine upon initialization in order to 
10 determine \^4ledla' the user is authorized to gain access to the protected 

infisraiatioQ stored in the nonvolatile meoKsy, \^erdn the vmfication rxTutine 
conqrises asking the user the individualized questions and compaiing answers 
recdved against the stored answK^; and 

e) if the user cocrecdy answers the questions, permitting access to 
15 portions of the protected infbnnation stored in the nonvolatile memory. 

10. The method according to claim 9, further comprising the step of, if the user does not correctly answer the questions, freezing the computer and requiring that the computer power be cycled to reset the computer.


11. The method according to claim 9, further comprising the step of programming the information bearing card with individualized access privilege information to identify which nonvolatile memory devices the user is privileged to access.


12. The method according to claim 9, wherein the step of permitting access comprises the steps of
a) verifying that the user is privileged to access the information stored in a first storage device; and
b) if the user is privileged to access the information stored in the first storage device, permitting access to the protected information stored on the first storage device.
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13. The mettiod according to claim 1 1 firfisr conpising the step of if the 
usar atteiEpts to access infiDimation from an unprivileged storage device, 
freezing the cQnGputo" and forcing the user to reset the corrpjter system and 
begin authorizatiQn verification 


14. The method according to claim 9, wherein the step of reading further comprises the step of incrementing a retry counter if the user incorrectly answers a question, and waiting for a subsequent user response if the counter has not reached a predetermined value, otherwise terminating the authorization procedure.



15. The method according to claim 9, wherein the step of reading further comprises the steps of
a) reading a card identification code from the card indicating card type;
b) determining a card type from the card identification code; and
c) if the card is a maintenance card, allowing a user access to the computer for maintenance purposes, without allowing access to the nonvolatile memory of the computer.


16. A secure computer providing for the controlled access of internal devices via a card reader, the computer comprising:
a user input device;
a card reader;
a screen display;
a central processing unit (CPU);
a device containing non-volatile CPU program code;
a CPU system boot ROM;
a plurality of peripheral devices;
a system data bus;
a microprocessor for writing and reading information to and from a card placed in the card reader, the microprocessor and the CPU connected through a dedicated data bus;
an encryption engine;
a volatile memory device for storing data received from the card by the microprocessor;
said CPU system boot ROM including code for instructing the CPU to start executing the CPU program code in the device so that the CPU program code in the device takes over control of the CPU, so that upon a power-up, clear, or warm-boot of the computer the CPU program code in the device obtains control of the CPU; and
said CPU responsive to said CPU program code, to perform an authorization verification procedure comprising the steps of
a) instructing the microprocessor to read a card placed in the card reader by a user and obtain at least one question from a list of questions stored in the card;
b) displaying the question to the user on the screen display, and waiting for a response from the user on the input device;
c) passing the response to the microprocessor and the microprocessor comparing at least one user response to a list of correct answers stored on the card;
d) receiving the results of the comparison by the microprocessor and allowing access to the computer if at least one user response matches a corresponding correct answer;
e) generating an encryption key from data on the card, data stored in the volatile memory device, and responses received by the user; and
f) encrypting all data stored to the plurality of peripherals using the encryption key.
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17. The am^niter of claim 16 furthCT coit^^ 

a security drcuit for monitoring Bttensptcd unaudKHTzed accesses of 4e 
conpiter, and 

a logical destnict circuit, connected to the security circuit, for 
5 destroying data in the volatile mmray device if unauthorized access is 
d^ected by at least one of the mioqirocesscH- and the security circuit; 
and tiie miatpocessor perfbmB the steps conmriang: 

nwnitoring and staing CPU BIOS routine calls during the 
authorizatioa verification procedure; 
0 nKjmtoriiJg and con^iaring die CPU BIOS louti^ 

the ndxjoting process to d^ect control of tte system data bus by 
another program; and 

if die BIOS calls stored duriijg tiie autknigatiQn verification 
procedure do not match die BIGS calls nKHiitored during tte id)ooting 
5 process, then logically destroying die data in die volatile manoary 

device; and 

vAerdn the CPU performs die additional step of iiKTementiiig 
the value of a retry counta^ if die vissr incorrecdy answers a question, 
and waiting fi^- a subsequait user r^xxnse if the vahie of the retry 
* counto- is less than a pred^mnined value, odrawise tmirinating die 

audiorization procedure. 
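As an added illustration, not code from the patent, the following Python simulates the verification flow the claims describe: the question round with retry counter of claims 9, 14 and 16, key construction from card data, interface-board data and user responses (claims 8, 16(e) and 20), the maintenance-card branch of claim 15, and the BIOS-call comparison with logical destruct of claims 4 and 17. The card contents, secrets, BIOS call names and the SHA-256 key construction are constructed assumptions; the patent specifies none of them.

```python
import hashlib
import hmac

CARD = {  # constructed sample card (placeholder values, not from the patent)
    "card_type": "user",                       # claim 15: card identification code
    "card_secret": b"constructed-card-secret",
    "qa": [("First school?", "Elm Street"), ("First pet?", "Rex")],
}
RESIDENT_SECRET = b"constructed-board-secret"  # claim 8(4): interface-board storage device
MAX_RETRIES = 3                                # claim 14: the predetermined retry value

def ask_questions(card, answer_fn, max_retries=MAX_RETRIES):
    """Claims 9, 14, 16: ask stored questions; stop when wrong answers reach max_retries."""
    retries, accepted = 0, []
    for question, expected in card["qa"]:
        while True:
            response = answer_fn(question)  # answer_fn stands in for the user input device
            if hmac.compare_digest(response.encode(), expected.encode()):
                accepted.append(response)
                break
            retries += 1
            if retries >= max_retries:
                return None  # authorization procedure terminated
    return accepted

def derive_key(card_secret, resident_secret, answers):
    """Claims 8(5), 16(e), 20: key from card, board and user data (SHA-256 construction assumed)."""
    h = hashlib.sha256()
    for part in [card_secret, resident_secret, *(a.encode() for a in answers)]:
        h.update(len(part).to_bytes(2, "big") + part)  # length prefix keeps parts unambiguous
    return h.digest()

def check_boot_trace(stored_calls, boot_calls, key_store):
    """Claims 4, 17: load-time BIOS call trace must match the boot trace, else zeroize the key."""
    if list(stored_calls) != list(boot_calls):
        key_store["key"] = bytes(len(key_store["key"]))  # logical destruct of the key
        return "freeze"  # system bus frozen; a power cycle is required to reset
    return "ok"

def preboot(card, answer_fn, stored_calls, boot_calls):
    """Whole flow: card type, question round with retry limit, key derivation, boot check."""
    if card["card_type"] == "maintenance":  # claim 15(c): no nonvolatile-memory access
        return {"access": "maintenance", "key": None}
    answers = ask_questions(card, answer_fn)
    if answers is None:
        return {"access": "denied", "key": None}  # claim 10: freeze; power cycle to reset
    store = {"key": derive_key(card["card_secret"], RESIDENT_SECRET, answers)}
    state = check_boot_trace(stored_calls, boot_calls, store)
    return {"access": "granted" if state == "ok" else "frozen", "key": store["key"]}
```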



18. The computer of claim 17 wherein the computer further comprises one or more physical destruct mechanisms logically connected to the microprocessor for physically destroying data on at least one of the plurality of peripheral devices.



19. The computer of claim 17 further comprising a physical destruct output and physical destruct package, the output for triggering the physical destruction of the secure computer by computer control upon detected attempted unauthorized access.
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20, Tlie compute of claim 17 \^4le31ein the key information is generated 
from data stored chi the card, in the volatile riKinoiy device, and from 
responses entered in by a usct during the verLfication procedure. 
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